| |
There are a vast number of web sites and mailing lists dedicated to
security issues.
Here are some other sources of security information:
Securityfocus.com
has a wealth of general security-related news and information, and hosts
a number of security-related mailing lists.
See their website for information on how to subscribe and view their archives.
A few of the most relevant mailing lists on SecurityFocus are:
The ``bugtraq'' mailing list is, as noted above,
a ``full disclosure moderated mailing list for the detailed discussion and
announcement of computer security vulnerabilities:
what they are, how to exploit them, and how to fix them.'' The ``secprog'' mailing list is
a moderated mailing list for the discussion of secure software
development methodologies and techniques.
I specifically monitor this list, and I coordinate with its moderator
to ensure that resolutions reached in SECPROG (if I agree with them)
are incorporated into this document. The ``vuln-dev'' mailing list discusses potential or undeveloped holes.
IBM's ``developerWorks: Security'' has a library of interesting articles.
You can learn more from
http://www.ibm.com/developer/security. For Linux-specific security information, a good source is
LinuxSecurity.com.
If you're interested in auditing Linux code, places to see include
the Linux
Security-Audit Project FAQ
and Linux Kernel Auditing Project
are dedicated to auditing Linux code for security issues.
Of course, if you're securing specific systems, you should sign up to
their security mailing lists (e.g., Microsoft's, Red Hat's, etc.)
so you can be warned of any security updates. |
